{"id":327384,"date":"2026-05-01T14:02:04","date_gmt":"2026-05-01T08:32:04","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=327384"},"modified":"2026-05-01T14:02:04","modified_gmt":"2026-05-01T08:32:04","slug":"essentially-the-most-severe-linux-threat-to-surface-in-years-catches-the-world-flat-footed","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/01\/essentially-the-most-severe-linux-threat-to-surface-in-years-catches-the-world-flat-footed\/","title":{"rendered":"Essentially the most severe Linux threat to surface in years catches the world flat-footed"},"content":{"rendered":"<div>\n<p>Publicly released exploit code for an effectively unpatched vulnerability that offers root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices.<\/p>\n<p>The vulnerability and the code that exploits it were <a href=\"https:\/\/copy.fail\/#contact\">released Wednesday evening<\/a> by researchers from security firm Theori, five weeks after they privately disclosed it to the Linux kernel security team. The team patched the vulnerability in versions <a href=\"https:\/\/github.com\/torvalds\/linux\/commit\/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5\">7.0<\/a>, <a href=\"https:\/\/git.kernel.org\/stable\/c\/ce42ee423e58dffa5ec03524054c9d8bfd4f6237\">6.19.12<\/a>, <a href=\"https:\/\/git.kernel.org\/stable\/c\/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8\">6.18.12<\/a>, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, but few of the Linux distributions had incorporated those fixes at the time the exploit was released.<\/p>\n<h2>A single script hacks all distros<\/h2>\n<p>The critical flaw, tracked as CVE-2026-31431 and named CopyFail, is a local privilege escalation, a vulnerability class that enables unprivileged users to elevate themselves to administrators.
CopyFail is especially severe because it can be exploited with a single piece of exploit code\u2014released in Wednesday\u2019s disclosure\u2014that works across all vulnerable distributions with no modification. With that, an attacker can, among other things, hack multi-tenant systems, break out of containers based on Kubernetes or other frameworks, and create malicious pull requests that pipe the exploit code through <a href=\"https:\/\/en.wikipedia.org\/wiki\/CI\/CD\">CI\/CD<\/a> workflows.<\/p>\n<p>\u201c\u2018Local privilege escalation\u2019 sounds dry, so let me unpack it,\u201d researcher Jorijn Schrijvershof <a href=\"https:\/\/jorijn.com\/en\/blog\/copy-fail-cve-2026-31431-linux-kernel-bug-explained\/\">wrote Thursday<\/a>. \u201cIt means: an attacker who already has some method to run code on the machine, whilst probably the most boring unprivileged user, can promote themselves to root. From there they will read every file, install backdoors, watch every process, and pivot to other systems.\u201d<\/p>\n<p>Schrijvershof added that the same Python script Theori released works reliably for Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12. The researcher continued:<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Publicly released exploit code for an effectively unpatched vulnerability that offers root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices. 
The vulnerability and exploit code that exploits it were released Wednesday evening by researchers from security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":327385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[623,51230,17834,3873,3098,5242,813,1303],"class_list":["post-327384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-catches","tag-flatfooted","tag-linux","tag-severe","tag-surface","tag-threat","tag-world","tag-years"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/327384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=327384"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/327384\/revisions"}],"predecessor-version":[{"id":327387,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/327384\/revisions\/327387"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/327385"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=327384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=327384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=327384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}